Author: ajaquith
Date: Sun Aug 3 05:09:11 2008
New Revision: 682136
URL: http://svn.apache.org/viewvc?rev=682136&view=rev
Log:
Massive re-factoring to make Stripes less invasive.
Removed:
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.jaas
Modified:
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/hsql/userdb-setup.ddl
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/postgresql/userdb-setup.ddl
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.properties.tmpl
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.tld
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/web.xml
Modified:
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/hsql/userdb-setup.ddl
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/hsql/userdb-setup.ddl?rev=682136&r1=682135&r2=682136&view=diff
==============================================================================
---
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/hsql/userdb-setup.ddl
(original)
+++
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/hsql/userdb-setup.ddl
Sun Aug 3 05:09:11 2008
@@ -5,6 +5,7 @@
drop user @jdbc.user.id@;
create table @jspwiki.userdatabase.table@ (
+ @jspwiki.userdatabase.uid@ bigint,
@jspwiki.userdatabase.email@ varchar(100),
@jspwiki.userdatabase.fullName@ varchar(100),
@jspwiki.userdatabase.loginName@ varchar(100) not null,
@@ -12,7 +13,9 @@
@jspwiki.userdatabase.wikiName@ varchar(100),
@jspwiki.userdatabase.created@ timestamp,
@jspwiki.userdatabase.modified@ timestamp,
- constraint @jspwiki.userdatabase.table@ primary key
(@jspwiki.userdatabase.loginName@)
+ @jspwiki.userdatabase.lockExpiry@ timestamp,
+ @jspwiki.userdatabase.attributes@ longvarchar,
+ constraint @jspwiki.userdatabase.table@ primary key
(@jspwiki.userdatabase.uid@)
);
create table @jspwiki.userdatabase.roleTable@ (
@@ -44,19 +47,39 @@
grant select, insert, update, delete on @jspwiki.groupdatabase.membertable@ to
@jdbc.user.id@;
insert into @jspwiki.userdatabase.table@ (
+ @jspwiki.userdatabase.uid@,
@jspwiki.userdatabase.email@,
@jspwiki.userdatabase.fullName@,
@jspwiki.userdatabase.loginName@,
@jspwiki.userdatabase.password@,
- @jspwiki.userdatabase.wikiName@
+ @jspwiki.userdatabase.wikiName@,
+ @jspwiki.userdatabase.attributes@
) values (
+ '-7739839977499061014',
'[EMAIL PROTECTED]',
'Janne Jalkanen',
'janne',
- '457b08e825da547c3b77fbc1ff906a1d00a7daee',
- 'JanneJalkanen'
+ '{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==',
+ 'JanneJalkanen',
+ 'attribute1=some random value\nattribute2=another value'
);
+insert into @jspwiki.userdatabase.table@ (
+ @jspwiki.userdatabase.uid@,
+ @jspwiki.userdatabase.email@,
+ @jspwiki.userdatabase.fullName@,
+ @jspwiki.userdatabase.loginName@,
+ @jspwiki.userdatabase.password@,
+ @jspwiki.userdatabase.wikiName@
+) values (
+ '-6852820166199419346',
+ '[EMAIL PROTECTED]',
+ 'Administrator',
+ 'admin',
+ '{SSHA}6YNKYMwXICUf5pMvYUZumgbFCxZMT2njtUQtJw==',
+ 'Administrator'
+);
+
insert into @jspwiki.userdatabase.roleTable@ (
@jspwiki.userdatabase.loginName@,
@jspwiki.userdatabase.role@
@@ -65,6 +88,22 @@
'Authenticated'
);
+insert into @jspwiki.userdatabase.roleTable@ (
+ @jspwiki.userdatabase.loginName@,
+ @jspwiki.userdatabase.role@
+) values (
+ 'admin',
+ 'Authenticated'
+);
+
+insert into @jspwiki.userdatabase.roleTable@ (
+ @jspwiki.userdatabase.loginName@,
+ @jspwiki.userdatabase.role@
+) values (
+ 'admin',
+ 'Admin'
+);
+
insert into @jspwiki.groupdatabase.table@ (
@jspwiki.groupdatabase.name@,
@jspwiki.groupdatabase.created@,
Modified:
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/postgresql/userdb-setup.ddl
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/postgresql/userdb-setup.ddl?rev=682136&r1=682135&r2=682136&view=diff
==============================================================================
---
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/postgresql/userdb-setup.ddl
(original)
+++
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/db/postgresql/userdb-setup.ddl
Sun Aug 3 05:09:11 2008
@@ -51,10 +51,24 @@
'[EMAIL PROTECTED]',
'Janne Jalkanen',
'janne',
- '457b08e825da547c3b77fbc1ff906a1d00a7daee',
+ '{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==',
'JanneJalkanen'
);
-
+
+insert into @jspwiki.userdatabase.table@ (
+ @jspwiki.userdatabase.email@,
+ @jspwiki.userdatabase.fullName@,
+ @jspwiki.userdatabase.loginName@,
+ @jspwiki.userdatabase.password@,
+ @jspwiki.userdatabase.wikiName@
+) values (
+ '[EMAIL PROTECTED]',
+ 'Administrator',
+ 'admin',
+ '{SSHA}6YNKYMwXICUf5pMvYUZumgbFCxZMT2njtUQtJw==',
+ 'Administrator'
+);
+
insert into @jspwiki.userdatabase.roleTable@ (
@jspwiki.userdatabase.loginName@,
@jspwiki.userdatabase.role@
@@ -63,6 +77,22 @@
'Authenticated'
);
+insert into @jspwiki.userdatabase.roleTable@ (
+ @jspwiki.userdatabase.loginName@,
+ @jspwiki.userdatabase.role@
+) values (
+ 'admin',
+ 'Authenticated'
+);
+
+insert into @jspwiki.userdatabase.roleTable@ (
+ @jspwiki.userdatabase.loginName@,
+ @jspwiki.userdatabase.role@
+) values (
+ 'admin',
+ 'Admin'
+);
+
insert into @jspwiki.groupdatabase.table@ (
@jspwiki.groupdatabase.name@,
@jspwiki.groupdatabase.created@,
Modified:
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.properties.tmpl
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.properties.tmpl?rev=682136&r1=682135&r2=682136&view=diff
==============================================================================
---
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.properties.tmpl
(original)
+++
incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.properties.tmpl
Sun Aug 3 05:09:11 2008
@@ -15,6 +15,19 @@
jspwiki.applicationName = @appname@
#
+# Describe where your wiki lives (the real URL through which it is available
+# through the internet/intranet). This is a mandatory attribute.
+#
+# Be careful if you use a localhost address (http://localhost/ or
http://127.0.0.1/),
+# as this will cause some unwanted side effects if your wiki is accessed from
+# any other computer than where the wiki is running.
+#
+# Example:
+# jspwiki.baseURL = http://www.jspwiki.org/
+#
+jspwiki.baseURL=
+
+#
# Which page provider class to use. Possibilities are:
#
# RCSFileProvider - for simple RCS-based file storage
@@ -143,24 +156,6 @@
#
jspwiki.diffProvider = TraditionalDiffProvider
-#
-# BaseURL can be used to rewrite all of JSPWiki's internal references.
-# Sometimes, especially if you're behind a address-rewriting firewall,
-# relative URLs don't work since the servlet container has no idea
-# where it's actually located.
-#
-# Leave undefined if you want to rely on what your servlet container
-# thinks of where your application lives.
-#
-# You MUST, however, define this one if you want to enable RSS (see below).
In
-# general, this is a good idea to define it anyway. Do not forget the
-# trailing slash.
-#
-# Example:
-# jspwiki.baseURL = http://www.jspwiki.org/
-#
-#jspwiki.baseURL=
-
# Determines if you need to have relative urls or not. If the baseURL
# is not set, then this has no effect, but if you set the baseURL (which
# is highly recommended), you can use this to set relative urls.
@@ -252,46 +247,6 @@
#
jspwiki.templateDir = default
-#
-# Preferences for default template
-#
-jspwiki.defaultprefs.template.skinname =PlainVanilla
-jspwiki.defaultprefs.template.dateformat =dd-MMM-yyyy HH:mm
-jspwiki.defaultprefs.template.timezone =GMT+01:00
-jspwiki.defaultprefs.template.orientation =fav-left
-jspwiki.defaultprefs.template.editor =plain
-
-jspwiki.defaultprefs.timeformat.01=d/MM
-jspwiki.defaultprefs.timeformat.02=d/MM/yy
-jspwiki.defaultprefs.timeformat.03=d/MM/yyyy
-jspwiki.defaultprefs.timeformat.04=dd/MM/yy
-jspwiki.defaultprefs.timeformat.05=dd/MM/yyyy
-jspwiki.defaultprefs.timeformat.06=EEE, dd/MM/yyyy
-jspwiki.defaultprefs.timeformat.07=EEE, dd/MM/yyyy, Z
-jspwiki.defaultprefs.timeformat.08=EEE, dd/MM/yyyy, zzzz
-jspwiki.defaultprefs.timeformat.09=d/MM/yy HH:mm
-jspwiki.defaultprefs.timeformat.10=d/MM/yy hh:mm a
-jspwiki.defaultprefs.timeformat.11=d/MM/yy hh:mm a, Z
-jspwiki.defaultprefs.timeformat.12=dd-MMM
-jspwiki.defaultprefs.timeformat.13=dd-MMM-yy
-jspwiki.defaultprefs.timeformat.14=dd-MMM-yyyy
-jspwiki.defaultprefs.timeformat.15=EEE, dd-MMM-yyyy
-jspwiki.defaultprefs.timeformat.16=EEE, dd-MMM-yyyy, Z
-jspwiki.defaultprefs.timeformat.17=EEE, dd-MMM-yyyy, zzzz
-jspwiki.defaultprefs.timeformat.18=dd-MMM-yyyy HH:mm
-jspwiki.defaultprefs.timeformat.19=dd-MMM-yyyy hh:mm a
-jspwiki.defaultprefs.timeformat.20=dd-MMM-yyyy hh:mm a, Z
-jspwiki.defaultprefs.timeformat.21=MMMM dd, yyyy
-jspwiki.defaultprefs.timeformat.22=MMMM dd, yyyy HH:mm
-jspwiki.defaultprefs.timeformat.23=MMMM dd, yyyy hh:mm a
-jspwiki.defaultprefs.timeformat.24=MMMM, EEE dd,yyyy hh:mm a
-jspwiki.defaultprefs.timeformat.25=MMMM, EEEE dd,yyyy hh:mm a
-jspwiki.defaultprefs.timeformat.26=dd.MM.yyyy
-jspwiki.defaultprefs.timeformat.27=dd.MM.yyyy, HH:mm
-jspwiki.defaultprefs.timeformat.28=dd.MM.yyyy, HH:mm zz
-jspwiki.defaultprefs.timeformat.29=EEEE, dd.MM.yyyy
-jspwiki.defaultprefs.timeformat.30=EE, dd.MM.yyyy, HH:mm zz
-jspwiki.defaultprefs.timeformat.31=EEEE, d. MMMM yyyy, HH:mm zz
#
# The name of the front page. This is the page that gets loaded if no
@@ -301,6 +256,11 @@
#
#jspwiki.frontPage = Main
+#
+# Allow creation of empty pages. Defaults to false.
+#
+#jspwiki.allowCreationOfEmptyPages = false
+
#
# If set to true, all outward links have a small icon attached. The icon
# can be found from images/out.png. Default is true.
@@ -418,6 +378,7 @@
#jspwiki.urlConstructor = DefaultURLConstructor
#jspwiki.urlConstructor = ShortViewURLConstructor
#jspwiki.shortURLConstructor.prefix = wiki/
+jspwiki.urlConstructor = StripesURLConstructor
#############################################################################
#
@@ -444,42 +405,102 @@
#
# For users looking to get started quickly, the default settings below
# should work fine. In addition to the properties below, you may also
-# want to set the following JRE runtime properties when running JSPWiki
-# or the servlet container it runs in:
-#
-# java.security.auth.login.config==/path-to/jspwiki.jass
-# java.security.policy=/path-to/jspwiki.policy
+# want to modify the security policy file WEB-INF/jspwiki.policy. See
+# the policy file for more details.
#
-# See the jspwiki.properties and jspwiki.jaas files for more details on
-# how to do this. These files contain addition configuration options
-# for the JSPWiki security policy and authentication, respectively, although
-# the defaults should work fine. If you don't set the JRE properties,
-# JSPWiki will use default versions from the WEB-INF directory.
-
# AUTHENTICATION
+#
# For authentication, JSPWiki uses JAAS (Java Authentication and Authorization
-# Service). The Authentication system is configured in the jspwiki.jaas
-# file; by default it will attempt to leverage your servlet container's
-# authentication services, if present. JSPWiki also can use its own
-# authentication system, which is separate from the container.
-#
-# JSPWiki will try to detect whether you are using container authentication
-# To use container authentication, you must uncomment
-# the <security-constraint> elements in WEB-INF/web.xml.
+# Service) in combination with a servlet filter that picks up any credentials
+# set by the servlet container. The Authentication system is configured below.
+#
+# You must choose either (A) Container or (B) Custom authentication. (B) is
the default.
+#
+# A) CONTAINER AUTHENTICATION
+# JSPWiki will always (passively) collect credentials supplied by your servlet
+# container, via HttpServletRequest.getUserPrincipal/getRemote user. You do
not
+# need to do anything to enable this. In addition, you can cause JSPWiki users
+# to log in to the web container by uncommenting the the <security-constraint>
+# elements in WEB-INF/web.xml.
+#
+# B) CUSTOM AUTHENTICATION
+# If you do not wish to use container-managed authentication, you can use
JSPWiki's
+# own custom authentication system. This uses a JAAS LoginModule (supplied
below)
+# to log in the user. You can use any JAAS LoginModule you want.
+# The default class is com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule,
+# which compares the supplied username and hashed password with the values
stored
+# in the configured UserDatabase (see USER DATABASE below).
+#
+# Supply the JAAS LoginModule class used for custom authentication here.
+# The implementation MUST have a zero-argument constructor (as noted in the
+# javax.security.auth.spi.LoginModule Javadocs).
+jspwiki.loginModule.class =
com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule
+
+#
+# JAAS LoginContext parameters used to initialize the LoginModule. Note that
'param1'
+# etc. should be replaced with the actual parameter names. The parameter
names and
+# values will be loaded to a Map and passed to the LoginModule as the
'options' parameter
+# when its initialize() method is called. The default UserDatabaseLoginModule
class does
+# not need any options.
+#jspwiki.loginModule.options.param1 = value1
+#jspwiki.loginModule.options.param2 = value2
+
+#
+# Cookie authentication & assertion
+#
+# If this value is set to "true", then JSPWiki will allow you to "assert" an
+# identity using a cookie. It's still considered to be unsafe, just like no
+# login at all, but it is useful when you have no need to force everyone to
login.
+#
+# By default, this is on.
+#
+#jspwiki.cookieAssertions=true
+
+#
+# If you would like to keep your users logged in for weeks at a time, you can
+# turn on "cookie authentication" feature. However, this comes with important
+# security caveats:
+# 1) User will stay logged in into your system for weeks. This means that if
+# someone manages to nab the cookie during this time, they can pretend to
+# be that user.
+# 2) The mappings between cookies and users are written in your filesystem,
+# in $jspwiki.workDir/logincookies. Access to this directory means that
+# the ability to fake anyone in the wiki, so please make sure that only
+# the proper admin has read access to this directory.
+#
+# By default, cookie authentication is off.
+#
+#jspwiki.cookieAuthentication=false
+
+#
+# Defines how many days the cookies are kept, and how often the people have
to log in.
+# The default is two weeks, i.e. 14 days. If you need a shorter period than
one day,
+# turn off cookie authentication, then tweak your web.xml to allow for longer
sessions.
+#
+#jspwiki.cookieAuthentication.expiry=14
+
+#
+#
+# AUTHORIZATION
#
-# AUTHORIZATION (EXTERNAL)
# For authorization, JSPWiki has a two-tier system. When we want to
# determine whether a user has permission to perform a certain action,
-# we first consult an external "authorizer" to determine if the user
-# is a member of the required role. By default, JSPWiki uses the
-# servlet container's authorization service for this (that is, it
-# calls HttpServletRequest.isUserInRole(String) ).
-# However, you can use another Authorizer if you wish; specify that
-# class here.
+# we first consult (A) an external "authorizer" to determine if the user
+# is a member of the required role. In addition to checking its external
+# authorizer, it also checks (B) its GroupManager for wiki-managed groups.
+#
+# A) EXTERNAL AUTHORIZATION
+# By default, JSPWiki uses the servlet container's authorization service
+# for to check what roles the user belongs to (that is, it calls
+# HttpServletRequest.isUserInRole(String)). After the user authenticates,
+# the default Authorizer (WebContainerAuthorizer) checks to see if the user
+# belongs to the roles listed in web.xml using <security-role>/<role-name> or
+# <auth-constraint>/<role-name> elements. However, you can use another
+# Authorizer if you wish; specify that class here.
jspwiki.authorizer = com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
-# AUTHORIZATION (GROUPS)
+# B) GROUPS
# As an additional source of authorization, users can belong to discretionary
# "wiki groups" that the users manage themselves. Wiki groups are stored in a
# GroupDatabase. The default group database uses an XML file for persistent
@@ -542,7 +563,7 @@
# markup. For example: "[{ALLOW edit Charlie}]". If using a custom
# ACL manager, specify the AclManager implementation class here:
-jspwiki.aclManager = com.ecyrd.jspwiki.auth.acl.DefaultAclManager
+jspwiki.aclManager = com.ecyrd.jspwiki.auth.acl.DefaultAclManager
#############################################################################
#
@@ -646,36 +667,6 @@
###########################################################################
#
-# Determine how certain file commands are run. They have been
-# commented out, since most likely you want to use the defaults.
-# Be warned, making mistakes with these may well ruin your entire
-# Wiki collection!
-#
-# The command to run diff:
-# NOTE! If you do not specify this, an internal "diff" routine is used.
-# In most cases, you really should not touch this.
-#
-#jspwiki.diffCommand = diff -u %s1 %s2
-
-# The command for RCS checkin
-#jspwiki.rcsFileProvider.checkinCommand = ci -q -mx -l -t-none %s
-
-# The command for RCS checkout of the newest version
-#jspwiki.rcsFileProvider.checkoutCommand = co -l %s
-
-# The command for checking out a specific version (%v = version number)
-#jspwiki.rcsFileProvider.checkoutVersionCommand = co -p -r1.%v %s
-
-# The command for RCS log headers
-# If you have a version of RCS that does not support the "-z" flag, then
-# you can try this one out without it. It should work.
-#jspwiki.rcsFileProvider.logCommand = rlog -zLT -h %s
-
-# The command for getting the entire modification history
-#jspwiki.rcsFileProvider.fullLogCommand = rlog -zLT %s
-
-###########################################################################
-#
# JDBC Configuration. Tells JSPWiki which tables and columns to map
# to for the JDBCUserDatabase and JDBCGroupDatabase. For more info, see the
# JavaDoc for classes com.ecyrd.jspwiki.auth.user.JDBCUserDatabase and
@@ -683,6 +674,7 @@
#
jspwiki.userdatabase.datasource=jdbc/UserDatabase
jspwiki.userdatabase.table=users
+jspwiki.userdatabase.uid=uid
jspwiki.userdatabase.email=email
jspwiki.userdatabase.fullName=full_name
jspwiki.userdatabase.loginName=login_name
@@ -690,6 +682,8 @@
jspwiki.userdatabase.wikiName=wiki_name
jspwiki.userdatabase.created=created
jspwiki.userdatabase.modified=modified
+jspwiki.userdatabase.lockExpiry=lock_expiry
+jspwiki.userdatabase.attributes=attributes
jspwiki.userdatabase.roleTable=roles
jspwiki.userdatabase.role=role
jspwiki.groupdatabase.datasource=jdbc/GroupDatabase
@@ -710,16 +704,27 @@
# (recommended, and the default), or a stand-alone factory whose properties
# are configured with mail.* properties in this file (below).
#
-# A. JNDI Resource Factory Configuration. JSPWiki will try this first.
+
+# A. Configure the address from which the email appears to come.
+# If you're going to use a mail session obtained via JNDI, this setting
+# will only be used if it hasn't already been configured in the obtained
+# session itself. If you comment it out, JSPWiki will use its internal
+# default value.
+# If you're going to use a stand-alone mail session, you will surely want
+# to configure it, otherwise the internal default value will be used.
+#
+mail.from = @mail.from@
+
+# B. JNDI Resource Factory Configuration. JSPWiki will try this first.
# You will need to configure your container to provide a JavaMail
# resource factory. See your container documentation, or check our
# fairly complete documentation (with examples for Tomcat) in
# the JavaDocs for com.ecyrd.jspwiki.util.MailUtil.
#
-# JNDI resource name. The commented-out value is the default
+# JNDI resource name. The commented-out value is the default.
#jspwiki.mail.jndiname = mail/Session
-# B. Stand-alone Resource Factory. JSPWiki will use these values if JNDI
fails.
+# C. Stand-alone Resource Factory. JSPWiki will use these values if JNDI
fails.
#
# Your SMTP host (i.e. the one which sends email)
mail.smtp.host = @mail.smtp.host@
@@ -727,9 +732,6 @@
# If for some reason the standard smtp port (25) is blocked, you can change it
here
#mail.smtp.port = @mail.smtp.port@
-# The address from which the email appears to come
-mail.from = @mail.from@
-
# If you are using a webserver that is publically accessible it usually
# doesn't allow you to send mail anonymously
# (because then this mailserver would become an open relay).
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.tld
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.tld?rev=682136&r1=682135&r2=682136&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.tld
(original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/jspwiki.tld Sun
Aug 3 05:09:11 2008
@@ -614,6 +614,10 @@
<name>title</name>
<rtexprvalue>true</rtexprvalue>
</attribute>
+ <attribute>
+ <name>mode</name>
+ <rtexprvalue>true</rtexprvalue>
+ </attribute>
</tag>
<tag>
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/web.xml
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/web.xml?rev=682136&r1=682135&r2=682136&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/web.xml (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/etc/web.xml Sun Aug
3 05:09:11 2008
@@ -6,21 +6,37 @@
version="2.4">
<description>
- JSPWiki is a free JSP-based WikiClone. It is licenced
- under the Lesser GNU General Public License.
+ JSPWiki is an open source JSP-based WikiClone. It is licenced
+ under the Apache 2.0 license.
- JSPWiki is maintained by Janne Jalkanen (+others),
- [EMAIL PROTECTED]
+ For more information, please come to http://www.jspwiki.org/
</description>
<display-name>JSPWiki</display-name>
-
+
<!-- Resource bundle default location -->
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>templates.default</param-value>
</context-param>
- <!-- All JSPs need to be checked for proper user access. -->
+ <!--
+ WikiServletFilter defines a servlet filter which filters all requests.
It was
+ introduced in JSPWiki 2.4.
+
+ In 2.7/2.8, the WikiServlet filter also performs an important security
function:
+ it sets authentication status based on container credentials. It should
generally
+ execute first. Note that if you configure a filter *before* this one
that returns
+ non-null values for getUserPrincipal() or getRemoteUser(),
WikiSecurityFilter
+ will pick the credentials up, and set the user's WikiSession state to
+ "authenticated." WikiServletFlter will also set the WikiSession's' state
+ to "authenticated" if jspwiki.properties property
"jspwiki.cookieAuthentication"
+ is set to true, and the user possesses the correct authentication cookie.
+
+ Lastly, if jspwiki.properties property "jspwiki.cookieAssertions" is set
to true,
+ WikiServletFilter will also set WikiSession state to "asserted" if the
user
+ possesses the correct "assertion cookie."
+ -->
+
<filter>
<filter-name>WikiServletFilter</filter-name>
<filter-class>com.ecyrd.jspwiki.ui.WikiServletFilter</filter-class>
@@ -36,34 +52,20 @@
<display-name>Stripes Filter</display-name>
<filter-name>StripesFilter</filter-name>
<filter-class>net.sourceforge.stripes.controller.StripesFilter</filter-class>
- <!-- WikiRuntimeConfiguration replaces the default Stripes
RuntimeConfiguration.
- It starts up the WikiEngine and the WikiTypeConverterFactory that
- marshals request parameters into properly resolved WikiPage and
Group objects.-->
+ <!-- Look for ActionBean implementations in the JSPWiki "action" package.
+ If you have custom WikiActionBeans you want JSPWiki to use, specify
them
+ here (comma-delimited). -->
<init-param>
- <param-name>Configuration.Class</param-name>
-
<param-value>com.ecyrd.jspwiki.ui.WikiRuntimeConfiguration</param-value>
+ <param-name>ActionResolver.Packages</param-name>
+ <param-value>com.ecyrd.jspwiki.action</param-value>
</init-param>
- <!-- Look for ActionBean implementations in the JSPWiki JAR. If you have
custom
- ActionBeans you want JSPWiki to use, specify them here
(comma-delimited). -->
+ <!-- Tell Stripes to auto-discover custom extension classes from the
"action"
+ package also. Extensions JSPWiki uses includes
WikiActionBeanContext,
+ WikiRuntimeConfiguration, WikiInterceptor and the various
TypeConverter
+ implementations for JSPWiki-specific types. -->
<init-param>
- <param-name>ActionResolver.UrlFilters</param-name>
- <param-value>WEB-INF/lib/JSPWiki.jar</param-value>
- </init-param>
- <!-- WikiActionBeanContext replaces the default Stripes
ActionBeanContext. This class
- contains references to the WikiEngine and WikiSesion. A new
instance of
- WikiActionBeanContext is automatically injected into every
ActionBean. -->
- <init-param>
- <param-name>ActionBeanContext.Class</param-name>
-
<param-value>com.ecyrd.jspwiki.action.WikiActionBeanContext</param-value>
- </init-param>
- <!-- In addition to the normal Stripes BeforeAfterMethodInterceptor, we
add the
- WikiInterceptor, which fires after the ActionBean is resolved. The
interceptor
- checks that the WikiEngine is initialized correctly, and that the
user has
- correct access to the ActionBean.-->
- <init-param>
- <param-name>Interceptor.Classes</param-name>
- <param-value>com.ecyrd.jspwiki.ui.WikiInterceptor,
-
net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor</param-value>
+ <param-name>Extension.Packages</param-name>
+ <param-value>com.ecyrd.jspwiki.action</param-value>
</init-param>
<!-- We override Stripes' normal resource bundle to use ours instead. -->
<init-param>
@@ -74,12 +76,6 @@
<param-name>LocalizationBundleFactory.ErrorMessageBundle</param-name>
<param-value>templates.default</param-value>
</init-param>
- <!-- Lastly, we define a set of custom ExceptionHandlers that deal with
any
- custom exceptions caught by Stripes. -->
- <init-param>
- <param-name>ExceptionHandler.Class</param-name>
-
<param-value>net.sourceforge.stripes.exception.DefaultExceptionHandler</param-value>
- </init-param>
<!-- Library for parsing multi-part file uploads -->
<init-param>
<param-name>MultipartWrapper.Class</param-name>
@@ -402,10 +398,11 @@
either way, as long as they match.
Note that accessing protected resources will cause your
- container to try to use SSL to secure the web session.
- This, of course, assumes your web container (or web server)
- is configured with SSL support. If you do not wish to use SSL,
- remove the "user-data-constraint" elements.
+ container to try to use SSL (default port for Tomcat is 8443)
+ to secure the web session. This, of course, assumes your
+ web container (or web server) is configured with SSL support.
+ If you do not wish to use SSL, remove the "user-data-constraint"
+ elements.
-->
<!-- REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH
